

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>NFS &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/css/custom.css" type="text/css" />

  
  
    <link rel="shortcut icon" href="../../_static/favicon.ico"/>
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/jquery.js"></script>
        <script src="../../_static/underscore.js"></script>
        <script src="../../_static/doctools.js"></script>
    
    <script type="text/javascript" src="../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../genindex/" />
    <link rel="search" title="Search" href="../../search/" />
    <link rel="next" title="与 OpenStack Keystone 对接" href="../keystone/" />
    <link rel="prev" title="librgw (Python)" href="../api/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    

















<div role="navigation" aria-label="breadcrumbs navigation">

  <ul class="wy-breadcrumbs">
    
      <li><a href="../../" class="icon icon-home"></a> &raquo;</li>
        
          <li><a href="../">Ceph 对象网关</a> &raquo;</li>
        
      <li>NFS</li>
    
    
      <li class="wy-breadcrumbs-aside">
        
          
            <a href="../../_sources/radosgw/nfs.rst.txt" rel="nofollow"> View page source</a>
          
        
      </li>
    
  </ul>

  
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../">
          

          
            
            <img src="../../_static/logo.png" class="logo" alt="Logo"/>
          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../start/intro/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../install/">安装 Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephadm/">Cephadm</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../">Ceph 对象网关</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../frontends/">HTTP 前端</a></li>
<li class="toctree-l2"><a class="reference internal" href="../placement/">存储池归置与存储类</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite/">多站配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite-sync-policy/">多站同步策略配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pools/">存储池的配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../config-ref/">配置参考</a></li>
<li class="toctree-l2"><a class="reference internal" href="../admin/">管理指南</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3/">S3 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../rgw-cache/">Data caching and CDN</a></li>
<li class="toctree-l2"><a class="reference internal" href="../swift/">Swift API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../adminops/">管理操作 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../api/">Python 接口</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">通过 NFS 导出</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#librgw">librgw</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id1">命名空间惯例</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id3">支持的操作</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id4">安全</a></li>
<li class="toctree-l3"><a class="reference internal" href="#nfs-ganesha">NFS-Ganesha 例程的手动配置</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#ceph-conf">ceph.conf</a></li>
<li class="toctree-l4"><a class="reference internal" href="#ganesha-conf">ganesha.conf</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id7">同时跑多个 NFS 网关</a></li>
<li class="toctree-l3"><a class="reference internal" href="#rgw-rgw-nfs">RGW 与 RGW NFS</a></li>
<li class="toctree-l3"><a class="reference internal" href="#nfsv4">NFSv4 客户端的配置</a></li>
<li class="toctree-l3"><a class="reference internal" href="#nfsv3">NFSv3 客户端的配置</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id8">NFSv3 语义</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id9">参考资料</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../keystone/">与 OpenStack Keystone 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barbican/">与 OpenStack Barbican 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vault/">与 HashiCorp Vault 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../kmip/">KMIP Integration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../opa/">与 Open Policy Agent 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multitenancy/">多租户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../compression/">压缩</a></li>
<li class="toctree-l2"><a class="reference internal" href="../ldap-auth/">LDAP 认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../encryption/">服务器端加密</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bucketpolicy/">桶策略</a></li>
<li class="toctree-l2"><a class="reference internal" href="../dynamicresharding/">动态的桶索引重分片</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mfa/">多因子认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../sync-modules/">同步模块</a></li>
<li class="toctree-l2"><a class="reference internal" href="../notifications/">Bucket Notifications</a></li>
<li class="toctree-l2"><a class="reference internal" href="../layout/">RADOS 中的数据布局</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STS/">STS</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STSLite/">STS Lite</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keycloak/">Keycloak</a></li>
<li class="toctree-l2"><a class="reference internal" href="../role/">Role</a></li>
<li class="toctree-l2"><a class="reference internal" href="../session-tags/">Session Tags</a></li>
<li class="toctree-l2"><a class="reference internal" href="../orphans/">Orphan List and Associated Tooliing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../oidc/">OpenID Connect Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="../troubleshooting/">故障排除</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw/">radosgw 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw-admin/">radosgw-admin 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../qat-accel/">使用 QAT 为加密和压缩提速</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3select/">S3-select</a></li>
<li class="toctree-l2"><a class="reference internal" href="../lua-scripting/">Lua Scripting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../d3n_datacache/">D3N Data Cache</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cloud-transition/">Cloud Transition</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <div class="section" id="nfs">
<h1>NFS<a class="headerlink" href="#nfs" title="Permalink to this headline">¶</a></h1>
<div class="versionadded">
<p><span class="versionmodified added">New in version Jewel.</span></p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Only the NFSv4 protocol is supported when using a cephadm or rook based deployment.</p>
</div>
<p>Ceph 对象网关的命名空间可以通过基于文件的 NFSV4 协议导出，
也支持传统的 HTTP 访问协议（ S3 和 Swift ）。</p>
<p>特别是， Ceph 对象网关在嵌入 NFS-Ganesha NFS 服务器时，
配置好就可以提供基于文件的访问。</p>
<p>The simplest and preferred way of managing nfs-ganesha clusters and rgw exports
is using <code class="docutils literal notranslate"><span class="pre">ceph</span> <span class="pre">nfs</span> <span class="pre">...</span></code> commands. See <a class="reference internal" href="../../mgr/nfs/"><span class="doc">CephFS &amp; RGW Exports over NFS</span></a> for more details.</p>
<div class="section" id="librgw">
<h2>librgw<a class="headerlink" href="#librgw" title="Permalink to this headline">¶</a></h2>
<p>The librgw.so shared library (Unix) provides a loadable interface to
Ceph Object Gateway services, and instantiates a full Ceph Object Gateway
instance on initialization.</p>
<p>In turn, librgw.so exports rgw_file, a stateful API for file-oriented
access to RGW buckets and objects.  The API is general, but its design
is strongly influenced by the File System Abstraction Layer (FSAL) API
of NFS-Ganesha, for which it has been primarily designed.</p>
<p>A set of Python bindings is also provided.</p>
</div>
<div class="section" id="id1">
<h2>命名空间惯例<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h2>
<p>The implementation conforms to Amazon Web Services (AWS) hierarchical
namespace conventions which map UNIX-style path names onto S3 buckets
and objects.</p>
<p>The top level of the attached namespace consists of S3 buckets,
represented as NFS directories. Files and directories subordinate to
buckets are each represented as objects, following S3 prefix and
delimiter conventions, with ‘/’ being the only supported path
delimiter <a class="footnote-reference brackets" href="#id10" id="id2">1</a>.</p>
<p>For example, if an NFS client has mounted an RGW namespace at “/nfs”,
then a file “/nfs/mybucket/www/index.html” in the NFS namespace
corresponds to an RGW object “www/index.html” in a bucket/container
“mybucket.”</p>
<p>Although it is generally invisible to clients, the NFS namespace is
assembled through concatenation of the corresponding paths implied by
the objects in the namespace.  Leaf objects, whether files or
directories, will always be materialized in an RGW object of the
corresponding key name, “&lt;name&gt;” if a file, “&lt;name&gt;/” if a directory.
Non-leaf directories (e.g., “www” above) might only be implied by
their appearance in the names of one or more leaf objects. Directories
created within NFS or directly operated on by an NFS client (e.g., via
an attribute-setting operation such as chown or chmod) always have a
leaf object representation used to store materialized attributes such
as Unix ownership and permissions.</p>
</div>
<div class="section" id="id3">
<h2>支持的操作<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h2>
<p>The RGW NFS interface supports most operations on files and
directories, with the following restrictions:</p>
<ul class="simple">
<li><p>Links, including symlinks, are not supported.</p></li>
<li><p>NFS ACLs are not supported.</p>
<ul>
<li><p>Unix user and group ownership and permissions <em>are</em> supported.</p></li>
</ul>
</li>
<li><p>Directories may not be moved/renamed.</p>
<ul>
<li><p>Files may be moved between directories.</p></li>
</ul>
</li>
<li><p>Only full, sequential <em>write</em> I/O is supported</p>
<ul>
<li><p>i.e., write operations are constrained to be <strong>uploads</strong>.</p></li>
<li><p>Many typical I/O operations such as editing files in place will necessarily fail as they perform non-sequential stores.</p></li>
<li><p>Some file utilities <em>apparently</em> writing sequentially (e.g., some versions of GNU tar) may fail due to infrequent non-sequential stores.</p></li>
<li><p>When mounting via NFS, sequential application I/O can generally be constrained to be written sequentially to the NFS server via a synchronous mount option (e.g. -osync in Linux).</p></li>
<li><p>NFS clients which cannot mount synchronously (e.g., MS Windows) will not be able to upload files.</p></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="id4">
<h2>安全<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h2>
<p>The RGW NFS interface provides a hybrid security model with the
following characteristics:</p>
<ul class="simple">
<li><p>NFS protocol security is provided by the NFS-Ganesha server, as negotiated by the NFS server and clients</p>
<ul>
<li><p>e.g., clients can by trusted (AUTH_SYS), or required to present Kerberos user credentials (RPCSEC_GSS)</p></li>
<li><p>RPCSEC_GSS wire security can be integrity only (krb5i) or integrity and privacy (encryption, krb5p)</p></li>
<li><p>various NFS-specific security and permission rules are available</p>
<ul>
<li><p>e.g., root-squashing</p></li>
</ul>
</li>
</ul>
</li>
<li><p>a set of RGW/S3 security credentials (unknown to NFS) is associated with each RGW NFS mount (i.e., NFS-Ganesha EXPORT)</p>
<ul>
<li><p>all RGW object operations performed via the NFS server will be performed by the RGW user associated with the credentials stored in the export being accessed (currently only RGW and RGW LDAP credentials are supported)</p>
<ul>
<li><p>additional RGW authentication types such as Keystone are not currently supported</p></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="section" id="nfs-ganesha">
<h2>NFS-Ganesha 例程的手动配置<a class="headerlink" href="#nfs-ganesha" title="Permalink to this headline">¶</a></h2>
<p>Each NFS RGW instance is an NFS-Ganesha server instance <em>embeddding</em>
a full Ceph RGW instance.</p>
<p>Therefore, the RGW NFS configuration includes Ceph and Ceph Object
Gateway-specific configuration in a local ceph.conf, as well as
NFS-Ganesha-specific configuration in the NFS-Ganesha config file,
ganesha.conf.</p>
<div class="section" id="ceph-conf">
<h3>ceph.conf<a class="headerlink" href="#ceph-conf" title="Permalink to this headline">¶</a></h3>
<p>Required ceph.conf configuration for RGW NFS includes:</p>
<ul class="simple">
<li><p>valid [client.rgw.{instance-name}] section</p></li>
<li><p>valid values for minimal instance configuration, in particular, an installed and correct <code class="docutils literal notranslate"><span class="pre">keyring</span></code></p></li>
</ul>
<p>Other config variables are optional, front-end-specific and front-end
selection variables (e.g., <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">data</span></code> and <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">frontends</span></code>) are
optional and in some cases ignored.</p>
<p>A small number of config variables (e.g., <code class="docutils literal notranslate"><span class="pre">rgw_nfs_namespace_expire_secs</span></code>)
are unique to RGW NFS.</p>
</div>
<div class="section" id="ganesha-conf">
<h3>ganesha.conf<a class="headerlink" href="#ganesha-conf" title="Permalink to this headline">¶</a></h3>
<p>A strictly minimal ganesha.conf for use with RGW NFS includes one
EXPORT block with embedded FSAL block of type RGW:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">EXPORT</span>
<span class="p">{</span>
     <span class="n">Export_ID</span><span class="o">=</span><span class="p">{</span><span class="n">numeric</span><span class="o">-</span><span class="nb">id</span><span class="p">};</span>
     <span class="n">Path</span> <span class="o">=</span> <span class="s2">&quot;/&quot;</span><span class="p">;</span>
     <span class="n">Pseudo</span> <span class="o">=</span> <span class="s2">&quot;/&quot;</span><span class="p">;</span>
     <span class="n">Access_Type</span> <span class="o">=</span> <span class="n">RW</span><span class="p">;</span>
     <span class="n">SecType</span> <span class="o">=</span> <span class="s2">&quot;sys&quot;</span><span class="p">;</span>
     <span class="n">NFS_Protocols</span> <span class="o">=</span> <span class="mi">4</span><span class="p">;</span>
     <span class="n">Transport_Protocols</span> <span class="o">=</span> <span class="n">TCP</span><span class="p">;</span>

     <span class="c1"># optional, permit unsquashed access by client &quot;root&quot; user</span>
     <span class="c1">#Squash = No_Root_Squash;</span>

     <span class="n">FSAL</span> <span class="p">{</span>
             <span class="n">Name</span> <span class="o">=</span> <span class="n">RGW</span><span class="p">;</span>
             <span class="n">User_Id</span> <span class="o">=</span> <span class="p">{</span><span class="n">s3</span><span class="o">-</span><span class="n">user</span><span class="o">-</span><span class="nb">id</span><span class="p">};</span>
             <span class="n">Access_Key_Id</span> <span class="o">=</span><span class="s2">&quot;{s3-access-key}&quot;</span><span class="p">;</span>
             <span class="n">Secret_Access_Key</span> <span class="o">=</span> <span class="s2">&quot;{s3-secret}&quot;</span><span class="p">;</span>
     <span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<p><code class="docutils literal notranslate"><span class="pre">Export_ID</span></code> must have an integer value, e.g., “77”</p>
<p><code class="docutils literal notranslate"><span class="pre">Path</span></code> (for RGW) should be “/”</p>
<p><code class="docutils literal notranslate"><span class="pre">Pseudo</span></code> defines an NFSv4 pseudo root name (NFSv4 only)</p>
<p><code class="docutils literal notranslate"><span class="pre">SecType</span> <span class="pre">=</span> <span class="pre">sys;</span></code> allows clients to attach without Kerberos
authentication</p>
<p><code class="docutils literal notranslate"><span class="pre">Squash</span> <span class="pre">=</span> <span class="pre">No_Root_Squash;</span></code> enables the client root user to override
permissions (Unix convention).  When root-squashing is enabled,
operations attempted by the root user are performed as if by the local
“nobody” (and “nogroup”) user on the NFS-Ganesha server</p>
<p>The RGW FSAL additionally supports RGW-specific configuration
variables in the RGW config section:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">RGW</span> <span class="p">{</span>
    <span class="n">cluster</span> <span class="o">=</span> <span class="s2">&quot;{cluster name, default &#39;ceph&#39;}&quot;</span><span class="p">;</span>
    <span class="n">name</span> <span class="o">=</span> <span class="s2">&quot;client.rgw.{instance-name}&quot;</span><span class="p">;</span>
    <span class="n">ceph_conf</span> <span class="o">=</span> <span class="s2">&quot;/opt/ceph-rgw/etc/ceph/ceph.conf&quot;</span><span class="p">;</span>
    <span class="n">init_args</span> <span class="o">=</span> <span class="s2">&quot;-d --debug-rgw=16&quot;</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>
</div>
<p><code class="docutils literal notranslate"><span class="pre">cluster</span></code> sets a Ceph cluster name (must match the cluster being exported)</p>
<p><code class="docutils literal notranslate"><span class="pre">name</span></code> sets an RGW instance name (must match the cluster being exported)</p>
<p><code class="docutils literal notranslate"><span class="pre">ceph_conf</span></code> gives a path to a non-default ceph.conf file to use</p>
<div class="section" id="id5">
<h4>其它有用的 NFS-Ganesha 配置选项<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h4>
<p>Any EXPORT block which should support NFSv3 should include version 3
in the NFS_Protocols setting. Additionally, NFSv3 is the last major
version to support the UDP transport. To enable UDP, include it in the
Transport_Protocols setting. For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">EXPORT</span> <span class="p">{</span>
 <span class="o">...</span>
   <span class="n">NFS_Protocols</span> <span class="o">=</span> <span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">;</span>
   <span class="n">Transport_Protocols</span> <span class="o">=</span> <span class="n">UDP</span><span class="p">,</span><span class="n">TCP</span><span class="p">;</span>
 <span class="o">...</span>
<span class="p">}</span>
</pre></div>
</div>
<p>One important family of options pertains to interaction with the Linux
idmapping service, which is used to normalize user and group names
across systems.  Details of idmapper integration are not provided here.</p>
<p>With Linux NFS clients, NFS-Ganesha can be configured
to accept client-supplied numeric user and group identifiers with
NFSv4, which by default stringifies these–this may be useful in small
setups and for experimentation:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">NFSV4</span> <span class="p">{</span>
    <span class="n">Allow_Numeric_Owners</span> <span class="o">=</span> <span class="n">true</span><span class="p">;</span>
    <span class="n">Only_Numeric_Owners</span> <span class="o">=</span> <span class="n">true</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
<div class="section" id="id6">
<h4>故障排除<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h4>
<p>NFS-Ganesha configuration problems are usually debugged by running the
server with debugging options, controlled by the LOG config section.</p>
<p>NFS-Ganesha log messages are grouped into various components, logging
can be enabled separately for each component. Valid values for
component logging include:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">*</span><span class="n">FATAL</span><span class="o">*</span> <span class="n">critical</span> <span class="n">errors</span> <span class="n">only</span>
<span class="o">*</span><span class="n">WARN</span><span class="o">*</span> <span class="n">unusual</span> <span class="n">condition</span>
<span class="o">*</span><span class="n">DEBUG</span><span class="o">*</span> <span class="n">mildly</span> <span class="n">verbose</span> <span class="n">trace</span> <span class="n">output</span>
<span class="o">*</span><span class="n">FULL_DEBUG</span><span class="o">*</span> <span class="n">verbose</span> <span class="n">trace</span> <span class="n">output</span>
</pre></div>
</div>
<p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span> <span class="n">LOG</span> <span class="p">{</span>

       <span class="n">Components</span> <span class="p">{</span>
               <span class="n">MEMLEAKS</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">FSAL</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NFSPROTO</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NFS_V4</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">EXPORT</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">FILEHANDLE</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">DISPATCH</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">CACHE_INODE</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">CACHE_INODE_LRU</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">HASHTABLE</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">HASHTABLE_CACHE</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">DUPREQ</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">INIT</span> <span class="o">=</span> <span class="n">DEBUG</span><span class="p">;</span>
               <span class="n">MAIN</span> <span class="o">=</span> <span class="n">DEBUG</span><span class="p">;</span>
               <span class="n">IDMAPPER</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NFS_READDIR</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NFS_V4_LOCK</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">CONFIG</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">CLIENTID</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">SESSIONS</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">PNFS</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">RW_LOCK</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NLM</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">RPC</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NFS_CB</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">THREAD</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">NFS_V4_ACL</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">STATE</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">FSAL_UP</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
               <span class="n">DBUS</span> <span class="o">=</span> <span class="n">FATAL</span><span class="p">;</span>
       <span class="p">}</span>
       <span class="c1"># optional: redirect log output</span>
<span class="c1">#      Facility {</span>
<span class="c1">#              name = FILE;</span>
<span class="c1">#              destination = &quot;/tmp/ganesha-rgw.log&quot;;</span>
<span class="c1">#              enable = active;</span>
       <span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
</div>
</div>
<div class="section" id="id7">
<h2>同时跑多个 NFS 网关<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h2>
<p>Each NFS-Ganesha instance acts as a full gateway endpoint, with the
limitation that currently an NFS-Ganesha instance cannot be configured
to export HTTP services. As with ordinary gateway instances, any
number of NFS-Ganesha instances can be started, exporting the same or
different resources from the cluster. This enables the clustering of
NFS-Ganesha instances. However, this does not imply high availability.</p>
<p>When regular gateway instances and NFS-Ganesha instances overlap the
same data resources, they will be accessible from both the standard S3
API and through the NFS-Ganesha instance as exported. You can
co-locate the NFS-Ganesha instance with a Ceph Object Gateway instance
on the same host.</p>
</div>
<div class="section" id="rgw-rgw-nfs">
<h2>RGW 与 RGW NFS<a class="headerlink" href="#rgw-rgw-nfs" title="Permalink to this headline">¶</a></h2>
<p>Exporting an NFS namespace and other RGW namespaces (e.g., S3 or Swift
via the Civetweb HTTP front-end) from the same program instance is
currently not supported.</p>
<p>When adding objects and buckets outside of NFS, those objects will
appear in the NFS namespace in the time set by
<code class="docutils literal notranslate"><span class="pre">rgw_nfs_namespace_expire_secs</span></code>, which defaults to 300 seconds (5 minutes).
Override the default value for <code class="docutils literal notranslate"><span class="pre">rgw_nfs_namespace_expire_secs</span></code> in the
Ceph configuration file to change the refresh rate.</p>
<p>If exporting Swift containers that do not conform to valid S3 bucket
naming requirements, set <code class="docutils literal notranslate"><span class="pre">rgw_relaxed_s3_bucket_names</span></code> to true in the
[client.rgw] section of the Ceph configuration file. For example,
if a Swift container name contains underscores, it is not a valid S3
bucket name and will be rejected unless <code class="docutils literal notranslate"><span class="pre">rgw_relaxed_s3_bucket_names</span></code>
is set to true.</p>
</div>
<div class="section" id="nfsv4">
<h2>NFSv4 客户端的配置<a class="headerlink" href="#nfsv4" title="Permalink to this headline">¶</a></h2>
<p>To access the namespace, mount the configured NFS-Ganesha export(s)
into desired locations in the local POSIX namespace. As noted, this
implementation has a few unique restrictions:</p>
<ul class="simple">
<li><p>NFS 4.1 and higher protocol flavors are preferred</p>
<ul>
<li><p>NFSv4 OPEN and CLOSE operations are used to track upload transactions</p></li>
</ul>
</li>
<li><p>To upload data successfully, clients must preserve write ordering</p>
<ul>
<li><p>on Linux and many Unix NFS clients, use the -osync mount option</p></li>
</ul>
</li>
</ul>
<p>Conventions for mounting NFS resources are platform-specific. The
following conventions work on Linux and some Unix platforms:</p>
<p>From the command line:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">mount</span> <span class="o">-</span><span class="n">t</span> <span class="n">nfs</span> <span class="o">-</span><span class="n">o</span> <span class="n">nfsvers</span><span class="o">=</span><span class="mf">4.1</span><span class="p">,</span><span class="n">noauto</span><span class="p">,</span><span class="n">soft</span><span class="p">,</span><span class="n">sync</span><span class="p">,</span><span class="n">proto</span><span class="o">=</span><span class="n">tcp</span> <span class="o">&lt;</span><span class="n">ganesha</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="o">&gt;</span><span class="p">:</span><span class="o">/</span> <span class="o">&lt;</span><span class="n">mount</span><span class="o">-</span><span class="n">point</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>在 /etc/fstab 里：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">ganesha</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="o">&gt;</span><span class="p">:</span><span class="o">/</span> <span class="o">&lt;</span><span class="n">mount</span><span class="o">-</span><span class="n">point</span><span class="o">&gt;</span> <span class="n">nfs</span> <span class="n">noauto</span><span class="p">,</span><span class="n">soft</span><span class="p">,</span><span class="n">nfsvers</span><span class="o">=</span><span class="mf">4.1</span><span class="p">,</span><span class="n">sync</span><span class="p">,</span><span class="n">proto</span><span class="o">=</span><span class="n">tcp</span> <span class="mi">0</span> <span class="mi">0</span>
</pre></div>
</div>
<p>指定 NFS-Ganesha 主机名和客户端上挂载点的路径。</p>
</div>
<div class="section" id="nfsv3">
<h2>NFSv3 客户端的配置<a class="headerlink" href="#nfsv3" title="Permalink to this headline">¶</a></h2>
<p>Linux clients can be configured to mount with NFSv3 by supplying
<code class="docutils literal notranslate"><span class="pre">nfsvers=3</span></code> and <code class="docutils literal notranslate"><span class="pre">noacl</span></code> as mount options. To use UDP as the
transport, add <code class="docutils literal notranslate"><span class="pre">proto=udp</span></code> to the mount options. However, TCP is the
preferred transport:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">ganesha</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="o">&gt;</span><span class="p">:</span><span class="o">/</span> <span class="o">&lt;</span><span class="n">mount</span><span class="o">-</span><span class="n">point</span><span class="o">&gt;</span> <span class="n">nfs</span> <span class="n">noauto</span><span class="p">,</span><span class="n">noacl</span><span class="p">,</span><span class="n">soft</span><span class="p">,</span><span class="n">nfsvers</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span><span class="n">sync</span><span class="p">,</span><span class="n">proto</span><span class="o">=</span><span class="n">tcp</span> <span class="mi">0</span> <span class="mi">0</span>
</pre></div>
</div>
<p>Configure the NFS Ganesha EXPORT block Protocols setting with version
3 and the Transports setting with UDP if the mount will use version 3 with UDP.</p>
<div class="section" id="id8">
<h3>NFSv3 语义<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h3>
<p>Since NFSv3 does not communicate client OPEN and CLOSE operations to
file servers, RGW NFS cannot use these operations to mark the
beginning and ending of file upload transactions. Instead, RGW NFS
starts a new upload when the first write is sent to a file at offset
0, and finalizes the upload when no new writes to the file have been
seen for a period of time, by default, 10 seconds. To change this
timeout, set an alternate value for <code class="docutils literal notranslate"><span class="pre">rgw_nfs_write_completion_interval_s</span></code>
in the RGW section(s) of the Ceph configuration file.</p>
</div>
</div>
<div class="section" id="id9">
<h2>参考资料<a class="headerlink" href="#id9" title="Permalink to this headline">¶</a></h2>
<dl class="footnote brackets">
<dt class="label" id="id10"><span class="brackets"><a class="fn-backref" href="#id2">1</a></span></dt>
<dd><p><a class="reference external" href="http://docs.aws.amazon.com/AmazonS3/latest/dev/ListingKeysHierarchy.html">http://docs.aws.amazon.com/AmazonS3/latest/dev/ListingKeysHierarchy.html</a></p>
</dd>
</dl>
</div>
</div>



           </div>
           
          </div>
          <footer>
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
        <a href="../keystone/" class="btn btn-neutral float-right" title="与 OpenStack Keystone 对接" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
        <a href="../api/" class="btn btn-neutral float-left" title="librgw (Python)" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>
        &#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).

    </p>
  </div> 

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>